Headline
RHSA-2023:2444: Red Hat Security Advisory: net-snmp security and bug fix update
An update for net-snmp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-44792: A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has to write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service.
- CVE-2022-44793: A flaw was found in Net-SNMP. This issue occurs because the handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception that could allow a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in a denial of service.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2444 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: net-snmp security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for net-snmp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.
Security Fix(es):
- net-snmp: NULL Pointer Exception when handling ipDefaultTTL (CVE-2022-44792)
- net-snmp: NULL Pointer Exception when handling pv6IpForwarding (CVE-2022-44793)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2141897 - CVE-2022-44792 net-snmp: NULL Pointer Exception when handling ipDefaultTTL
- BZ - 2141898 - CVE-2022-44793 net-snmp: NULL Pointer Exception when handling pv6IpForwarding
- BZ - 2151540 - Memory leak when IPv6 is disabled through ipv6.disable=1 [RHEL-9]
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
net-snmp-5.9.1-9.el9.src.rpm
SHA-256: de200516c467c5c275054be412f3d2cd20c26e6d14f4f59f5b10c1c5070d9180
x86_64
net-snmp-5.9.1-9.el9.x86_64.rpm
SHA-256: a05783be5837cf265bb82a8d3a19d5004c0166e30a18c0b64cf4ee71969d61bd
net-snmp-agent-libs-5.9.1-9.el9.i686.rpm
SHA-256: 751b6343044d38a80164b57359296aa0d45d5fcd919eca5f60ae15af6a3c73ac
net-snmp-agent-libs-5.9.1-9.el9.x86_64.rpm
SHA-256: 58649f8e9fde4e723a8163642f4e20e7a94e9d664e556f5d4e48f116b9c08a35
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: 119e0e3fb5bb55d33d2c1ba92bb9f583606416d077a1257a6fe3dd6b74bddf88
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: 78f387b9bb8c4dfd84a54638b031bcbb59bfc5488642d641b98f0e07b0903379
net-snmp-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: e0d1f62e6d50dff434d7f9eed8acbbde7d179be19bcb0fe6beb9134d2d94f723
net-snmp-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: 460a0f58c0a1c6025fb69490dfb94d7324d9b768fbb736ba84c83358f27b9984
net-snmp-debugsource-5.9.1-9.el9.i686.rpm
SHA-256: b988b7b673a98aabac6902efe1baa4f12c0e76fba5f024d6c6a518e1e682da80
net-snmp-debugsource-5.9.1-9.el9.x86_64.rpm
SHA-256: 392f9bb3ea88689c7ece826dd03f724c7b15efb26ae91f130ae76c4484e94c55
net-snmp-devel-5.9.1-9.el9.i686.rpm
SHA-256: c5b83b98b235fbc949ba9a03c332b9a6854e83d70baf0dd5c407340849f86680
net-snmp-devel-5.9.1-9.el9.x86_64.rpm
SHA-256: f842d275a0ddd1d6efe57975bc7b7646a447d7a9a3f80703e9adacd58125b6b0
net-snmp-libs-5.9.1-9.el9.i686.rpm
SHA-256: 8e29563edd24e56fe868a871a31fd9f146dd8be7567234ba999f75bc3b0d6196
net-snmp-libs-5.9.1-9.el9.x86_64.rpm
SHA-256: c80701f460611f8a0b71c0b530d9de55b1cfa68f39d08cdc8ab7ee4da4a3186a
net-snmp-libs-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: 2e23d97c63a7483837c752f2bf501f1fb2b76a628d2df52a10221de2195c7596
net-snmp-libs-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: 6e17a5d7b7193f42df3a4e86cf17bfd18d3b8441f277b5845629117dbc435d6d
net-snmp-perl-5.9.1-9.el9.x86_64.rpm
SHA-256: b3f344553589d14ffc8f4d118f162d0c0e5d3a644a8267427739567a84764520
net-snmp-perl-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: 4e78122b54a512e642664fded36d61703b6e46d2b6f39783b76b8825bf22464a
net-snmp-perl-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: 59d72eaea4d5c4249220158db269cf40a29491f83f7ca12fc71eb20ba8d2b747
net-snmp-utils-5.9.1-9.el9.x86_64.rpm
SHA-256: 8e3f5731b97f3ed5dba11092e9778ab3906147c00f1a2314204531c4f35dd2c5
net-snmp-utils-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: 73b2faf740f074669546952d1902e8c13b502c6046533e14a96693e13384cf0e
net-snmp-utils-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: 5d8154846c0cd8d1d55ff722588fa99745f64fc945d2d774c2001a6e44ba2d88
python3-net-snmp-5.9.1-9.el9.x86_64.rpm
SHA-256: 6979517afec2274a30d1d612e9681fab8f57126d032d051a3e423d4535442ff3
python3-net-snmp-debuginfo-5.9.1-9.el9.i686.rpm
SHA-256: f3855c5ba548349a9bc58bc88cf8b965bb8484da21261437263eea6d7d48b432
python3-net-snmp-debuginfo-5.9.1-9.el9.x86_64.rpm
SHA-256: cce32570ff3a149bc4ae36b8cb9acad7fa1a9033f6a859c7051b43f7a9fdd094
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
net-snmp-5.9.1-9.el9.src.rpm
SHA-256: de200516c467c5c275054be412f3d2cd20c26e6d14f4f59f5b10c1c5070d9180
s390x
net-snmp-5.9.1-9.el9.s390x.rpm
SHA-256: 9efb93ffbe268fed8e7be2a575fed8c60aeffad5930d889126cdfa043d79bb92
net-snmp-agent-libs-5.9.1-9.el9.s390x.rpm
SHA-256: fbe436db2372e5488d5f7e38edc503981089887739f6769608240deebd10d9d3
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: f16e608be49f322153ed5308da744d69b0d5de948d558ab7d96b371d733ff6fb
net-snmp-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: 52de78f44f66bd49e61662d45331ceb61a1707073b945bbdeb31b178883f0750
net-snmp-debugsource-5.9.1-9.el9.s390x.rpm
SHA-256: 9b402d7facfb6737fa0aa88abe36330bd8fbb7c6b015b27adbeaeefd5f0c208c
net-snmp-devel-5.9.1-9.el9.s390x.rpm
SHA-256: 1d3748d1b2a39004ebb78027caf85b980ca0badd494580b9351cb30e0a56c067
net-snmp-libs-5.9.1-9.el9.s390x.rpm
SHA-256: 0a00f9034183b6de59101093995beda842cf124fa7e33466e8106f51cc0d3632
net-snmp-libs-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: d804ebded662a249a13910d1d07f2b552cdb156de6238a220042cbe65af62e05
net-snmp-perl-5.9.1-9.el9.s390x.rpm
SHA-256: 9c96fdbbd082afe67b6955d8412c3788dfafc6c83fd83f502db468211f112302
net-snmp-perl-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: 9464ebe01642f1b3f14a5b10f32c7c6168f044f6d79a373590a3e441be3a24a9
net-snmp-utils-5.9.1-9.el9.s390x.rpm
SHA-256: dbe1e66e1651ca2a4499667c6c12523d84f3d249cb9d27a0927e6bc8f7e4e79a
net-snmp-utils-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: 444aae3763b658d576c9b337400be71e1256e2457d48ae154c641a1b0f692ebc
python3-net-snmp-5.9.1-9.el9.s390x.rpm
SHA-256: 57b5a984953edb25df3c42ce66c5dd50bc831463e97c496db25b0ee115323920
python3-net-snmp-debuginfo-5.9.1-9.el9.s390x.rpm
SHA-256: c1ad59b14fc96c187a02c39f8257424dca6ab57ac8ac8dbde9a898621cdcd1d5
Red Hat Enterprise Linux for Power, little endian 9
SRPM
net-snmp-5.9.1-9.el9.src.rpm
SHA-256: de200516c467c5c275054be412f3d2cd20c26e6d14f4f59f5b10c1c5070d9180
ppc64le
net-snmp-5.9.1-9.el9.ppc64le.rpm
SHA-256: 9f51a32ca5cd6c0c5f999d87d034c6624b7c4484528512262af7e8d2221e9f71
net-snmp-agent-libs-5.9.1-9.el9.ppc64le.rpm
SHA-256: 3d93f7e3a6db69c917ce39d8224433ad91a63f9bd2b2183e56c7d52ce7e0951d
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: 05fe41922b6ad7b61596d57a55bfb60e5139fdf00855c2f8dc0123615818ccd4
net-snmp-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: 594a01418c363b764ac1bf365c6d96f2f72bd262fadadae6abc9be71258d7e15
net-snmp-debugsource-5.9.1-9.el9.ppc64le.rpm
SHA-256: 4cc8bd190af5a7d8d22b9b44fef92a93b4bc32ffb59c47715e2224b64177d484
net-snmp-devel-5.9.1-9.el9.ppc64le.rpm
SHA-256: 6f128da0c39290d1e737e0523099c95e0c0d9a4a58adb6ba8f68c0e891eb2995
net-snmp-libs-5.9.1-9.el9.ppc64le.rpm
SHA-256: 1d49ad426069312395b1fb0fdfc7f8255e1294e89dd90707e4b9d5c7d952fd7e
net-snmp-libs-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: 505509bc448c456dbf4ccb149df3fa923297f260d4b08e41a1b7229272ae3896
net-snmp-perl-5.9.1-9.el9.ppc64le.rpm
SHA-256: 20d60a7c0537b0144527d1e76e95da6afa0afb092b9365266d17470083fb9b07
net-snmp-perl-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: 65353c0730af89d6c261d6f5eea7413cbc461cdef31ea7131c71675235d63fa3
net-snmp-utils-5.9.1-9.el9.ppc64le.rpm
SHA-256: 3e273340c1b470051fc1f8653849d3c6f1eec2ddedcdfbee838cdcd5f5893d4d
net-snmp-utils-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: 9ae7f619fd643e7c38bd6773f466d5ec829300b4a65b7f7ec31d6b8f93bc45e5
python3-net-snmp-5.9.1-9.el9.ppc64le.rpm
SHA-256: 9a3b936efc76b5c15a068b5076782a8c89c543bcfed0b3cfeabe5d48b10f3782
python3-net-snmp-debuginfo-5.9.1-9.el9.ppc64le.rpm
SHA-256: c97de4d3578e2bb1ee9f78b1123b274d065bbc8385668b20c2e167e3b12e0e9e
Red Hat Enterprise Linux for ARM 64 9
SRPM
net-snmp-5.9.1-9.el9.src.rpm
SHA-256: de200516c467c5c275054be412f3d2cd20c26e6d14f4f59f5b10c1c5070d9180
aarch64
net-snmp-5.9.1-9.el9.aarch64.rpm
SHA-256: f05d766110660a768103613cd7dca432dc355eeb78bbad5481158a59f25ac3f1
net-snmp-agent-libs-5.9.1-9.el9.aarch64.rpm
SHA-256: 22bb6a90e6458aa6fb2ea08d5cbbfc11255c7e3b7688b62b8d059ee52148fcb5
net-snmp-agent-libs-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: 9995ec453bd0d0bb8395d89daebc57c157071b710ed7904f0b4de80e0294b99c
net-snmp-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: e73dd64807edb569fa9e4a81487778f772f026937c84a25f2bbc8bb005647f52
net-snmp-debugsource-5.9.1-9.el9.aarch64.rpm
SHA-256: c9263f22ea87d18f306e121379b36bccca2adc591c8b1e31e2efc79d8d0a6da5
net-snmp-devel-5.9.1-9.el9.aarch64.rpm
SHA-256: 662895ef786254958703470a1b24463b308e37e55c2db5c7232043919eb46ef8
net-snmp-libs-5.9.1-9.el9.aarch64.rpm
SHA-256: 5d050af87261cfbf9690d84dbf0c3e56439bdbe5210a0c79e9b1c9c0a1b3480f
net-snmp-libs-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: e720479b0456608d4119b373a9db5116121dd1f61e365dd86a56a051afbd515f
net-snmp-perl-5.9.1-9.el9.aarch64.rpm
SHA-256: 14b2d7511dcd8321d8085baf6cdd0b2fbd85a0d383f7bf388f002840b78ddeb9
net-snmp-perl-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: daae0b525f5871a9d90d9ea116ec4feefd8bb937c8f5841d69db33853e681dff
net-snmp-utils-5.9.1-9.el9.aarch64.rpm
SHA-256: 5b608028829de140fb0d03b82d6c3b6ae7d95036644acdc385a8fd224dc56402
net-snmp-utils-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: cc42e11e171060151dc689626e772ba0761d672efc70996021cb5f33adfbcd6a
python3-net-snmp-5.9.1-9.el9.aarch64.rpm
SHA-256: 8f4a6dc7c9a34a177115bc9075712bbf18841dbbe415a859aabaaff618aeb14a
python3-net-snmp-debuginfo-5.9.1-9.el9.aarch64.rpm
SHA-256: f70e9e937519f611fc00d417d9d980e3a0e826c0e3601b9527b22d83908e67ee
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for net-snmp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-44792: A vulnerability was found in Net-SNMP. This issue occurs because the handle_ipDefaultTTL function in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP has a NULL Pointer Exception flaw that allows a remote attacker (who has to write access) to cause the instance to crash via a crafted UDP packet, resulting in a denial of service. * CVE-2022-44793: ...
Ubuntu Security Notice 5795-2 - USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
Ubuntu Security Notice 5795-2 - USN-5795-1 and 5543-1 fixed several vulnerabilities in Net-SNMP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
Ubuntu Security Notice 5795-1 - It was discovered that Net-SNMP incorrectly handled certain requests. A remote attacker could possibly use these issues to cause Net-SNMP to crash, resulting in a denial of service.
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.